So far, it's a relatively benign, easy introduction to a new operating system that blends the familiar and new in a timid package. Perhaps that's the goal, because a radical offering would right away scare everyone. Amazon Linux 2 is an appealing concept, as it gives users what Red Hat never quite did (yet) - A Fedora-like bleeding-edge tech with the stability and long-term support of the mainstay enterprise offering. But then, it also pulls a Debian/Ubuntu stunt by breaking ABI, so it will be cubicle to those who enjoying living la vida loco (in their cubicle or open-space prison).

Having lived and breathed the large-scale HPC world for many years, I am quite piqued to see how this will evolve. Performance, stability and ease of use will be my primary concerns. Then, is it possible to hook up a remote virtual machine into the EC2 hive? That's another experiment, and I'd like to see if scaling and deployment works well over distributed networks. Either way, even if nothing comes out of it, Amazon Linux 2 is a nice start to a possibly great adventure. Or yet another offspring in the fragmented family we call Linux. Time will tell. Off you go. Cloud away.

The Document Foundation announced recently that its LibreOffice 6.0 open-source and cross-platform office suite reached almost 1 million downloads since its release last month on January 31, 2018.

That's terrific news for the Open Source and Free Software community and a major milestone for the acclaimed LibreOffice office suite, which tries to be a free alternative to proprietary solutions like Microsoft Office.

The 1 million downloads mark was reached just two weeks after the release of LibreOffice 6.0, which is the biggest update ever of the open-source office suite adding numerous new features and enhancements over previous versions.

Landing in FreeBSD today was the mitigation work for the Meltdown and Spectre CPU vulnerabilities.

It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.

There is Meltdown mitigation for Intel CPUs via a KPTI implementation similar to Linux, the Kernel Page Table Isolation. There is also a PCID (Process Context Identifier) optimization for Intel Westmere CPUs and newer, just as was also done on Linux.

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.

SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.

The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.

The "L" in the ELK stack gets updated with new features including advanced security capabilities.

Many modern enterprises have adopted the ELK (Elasticsearch, Logstash, Kibana) stack to collect, process, search and visualize data.

At the core of the ELK stack is the open-source Logstash project which defines itself as a server-side data processing pipeline - basically it helps to collect logs and then send them to a users' "stash" for searching, which in many cases is Elasticsearch.

TigoCTM CEO Cindy Zimmerman says “we are excited to begin manufacturing our secure, private and open source desktops at our factory in the Panama Pacifico special economic zone. This is the first step towards a full line of secure, blockchain-powered hardware including desktops, servers, laptops, tablets, teller machines, and smartphones.”

[...]

Every component of each TigoCTM device is exhaustively researched and selected for its security profile based especially on open source hardware, firmware, and software. In addition, devices will run the GuldOS operating system, and open source applications like the Bitcoin, Ethereum and Dash blockchains. This fully auditable stack is ideal for use in enterprise signing environments such as banks and investment funds.

We look at security from the perspective of containers, Kubernetes deployment itself and network security. Such a holistic approach is needed to ensure that containers are deployed securely and that the attack surface is minimized. The best practices that arise from each of the above tenets apply to any Kubernetes deployment, whether you’re self-hosting a cluster or employing a managed service.

We should note that there are related security controls outside of Kubernetes, such as the Secure Software Development Life Cycle (S-SDLC) or security monitoring, that can help reduce the likelihood of attacks and increase the defense posture. We strongly urge you to consider security across the entire application lifecycle rather than take a narrow focus on the deployment of containers with Kubernetes. However, for the sake of brevity, in this series, we will only cover security controls within the immediate Kubernetes environment.

The Google Kubernetes Engine (previously known as the Google Container Engine and GKE) now allows all developers to attach Nvidia GPUs to their containers.

GPUs on GKE (an acronym Google used to be quite fond of, but seems to be deemphasizing now) have been available in closed alpha for more than half a year. Now, however, this service is in beta and open to all developers who want to run machine learning applications or other workloads that could benefit from a GPU. As Google notes, the service offers access to both the Tesla P100 and K80 GPUs that are currently available on the Google Cloud Platform.

Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of trust in advertising that leaves massive user privacy issues unaddressed.

Last year, a new industry organization, the Coalition for Better Ads, published user research investigating ad formats responsible for "bad ad experiences." The Coalition examined 55 ad formats, of which 12 were deemed unacceptable. These included various full page takeovers (prestitial, postitial, rollover), autoplay videos with sound, pop-ups of all types, and ad density of more than 35% on mobile. Google is supposed to check sites for the forbidden formats and give offenders 30 days to reform or have all their ads blocked in Chrome. Censured sites can purge the offending ads and request reexamination.

[...]

Some commentators have interpreted ad blocking as the "biggest boycott in history" against the abusive and intrusive nature of online advertising. Now the Coalition aims to slow the adoption of blockers by enacting minimal reforms. Pagefair, an adtech company that monitors adblocker use, estimates 600 million active users of blockers. Some see no ads at all, but most users of the two largest blockers, AdBlock and Adblock Plus, see ads "whitelisted" under the Acceptable Ads program. These companies leverage their position as gatekeepers to the user's eyeballs, obliging Google to buy back access to the "blocked" part of their user base through payments under Acceptable Ads. This is expensive (a German newspaper claims a figure as high as 25 million euros) and is viewed with disapproval by many advertisers and publishers.

Over the next six months, Mozilla is planning to switch code review tools from mozreview/splinter to phabricator. Phabricator has more modern built-in tools like Herald that would have made setting up this shared queue a little easier, and that’s why I paused…briefly

Firefox Screenshots is the first Test Pilot experiment to graduate into Firefox, and it’s been surprisingly successful. You won’t see many people talking about it: it does what you expect, and it doesn’t cover new ground. Mozilla should do more of this.

2018 is here and ticking; will we finally get an official Evernote client app for Linux? Maybe not. But why does it matter? I’ve written about a good number of Evernote alternatives and today I introduce to you yet another one.

Joplin is an open-source productivity application used for taking high-quality digital notes. With it, you can take notes in Markdown format, organize them into notebooks, and make them easily locatable using tags.

The Fall Part 2: Unbound [GOG, Steam] is the long-awaited follow-on from Over The Moon's previous story-based adventure and puzzle game The Fall.

What's nice, is that it does include a short recap of what happened during the events of The Fall, so for those of you who want to jump right in without playing the previous game it is easy to get into.

As you may know if you read this blog via Planet GNOME, the GNOME project is busy switching to GitLab for its code hosting and bug tracking. I like GitLab! It’s a large step up from Bugzilla, which was what GNOME used for the last 20 years. Compared to GitHub, GitLab is about equal, with a few nicer things and a few less nice things.

The one thing that I miss from Bugzilla is a dashboard showing the overall status of the bugs for your project. I thought it would not be too hard to use the GitLab API to do some simple queries and plop them on a web page. So, last weekend I gave it a try. The final result is here. Click the button to log into GitLab, and you’ll be redirected back to the page where you’ll get the results of the queries.

Although fwupd 0.8.0 was released over a year ago it seems people are still downloading firmware with older fwupd versions. 98% of the downloads from the LVFS are initiated from gnome-software, and 2% of people using the fwupdmgr command line or downloading the .cab file from the LVFS using a browser manually.

Transmitting low delay, high quality video over the Internet is hard. The trade-off is normally between video quality and transmission delay (or latency). Internet video has up to now been segregated into two segments: video streaming and video calls. On the first side, streaming video has taken over the world of the video distribution using segmented streaming technologies such as HLS and DASH, allowing services like Netflix to flourish. On the second side, you have VoIP systems, which are generally targeted a relatively low bitrate using low latency technologies such as RTP and WebRTC, and they don't result in a broadcast grade result. SRT bridges that gap by allowing the transfer of broadcast grade video at low latencies.

I’m frequently building GTK+. Since I am using Fedora Atomic Workstation now, i have to figure out how to do GTK+ development in this new environment. GTK+ may be a good example for the big middle ground of things that are not desktop applications, but also not part of the OS itself.

I was working on adding sounds to Pixel Wheels rescue helicopter, so I started SFXR Qt and after a few experiments I came up with a decent sound. Unfortunately it did not sound that good in the game. It was much more dull than in the app. Listening again to the sound in SFXR Qt I realized there were subtle variations between each plays, which made the sound more interesting.

In the last post, we discussed a new approach to design time and build time integration of external tools in Visual Studio using MSBuild rules and targets. This will be included in the upcoming release of version 2.2 of the Qt VS Tools. In this post, we will discuss the performance improvements that are also included in this new version.

Since this round took a long time and was scheduled to be release many times last year I decided not to update Cutelyst to avoid not having the chance to fix any issues and have broken results. Cutelyst 1.9.0 and Qt 5.9 were used, both had some performance improvements compared to round 14, and thus you can see better results on this round compared to 14, most notably the JSON tests went from 480K request/second to 611K req/s, also due this old Cutelyst release jemalloc was again not used due a bug we had in CMake files that didn’t link against it.

Over the past few weeks, we’ve done a lot of Usability & Productivity work for Spectacle, KDE’s screenshot tool. I’d like to share the progress! But first, a screenshot. Here’s how spectacle looks now:

This is going to be a double-header: today we’re discussing Discover as well as Kirigami–KDE’s UI framework that facilitates writing convergent apps that look and feel good on both the desktop and a mobile device.

…At least that’s the idea. The truth is, KDE users have voiced a lot of criticism for how well this works out in practice. An especially common complaint is that the desktop user experience gets short shrift, and Kirigami apps feel like big phone apps.

The OpenAPI specification is a definition format to describe RESTful APIs (a web services interoperability standard) — it makes APIs easier to a) develop and integrate into a wider application structure because it maps out all the resources and operations associated with the API itself.

LibreOffice is the power-packed free, libre and open source personal productivity suite for Windows, Macintosh and GNU/Linux, that gives you six feature-rich applications for all your document production and data processing needs: Writer: the word processor, Calc: the spreadsheet application, Impress: the presentation engine, Draw: our drawing and flowcharting application, Base: our database and database frontend, and Math: for editing mathematics.

We would like to congratulate the hard working folks behind the LibreOffice 6.0 application suite. Officially released on January 31, the site has counted almost 1 million downloads. An amazing accomplishment.

There you go. Now, before you say “But Windows or Gnome also …” Wait. Stop. The purpose of this list is not to seek solace in failures or incomplete/imperfect implementations of desktop environment solutions that may exist out there. The purpose is to express my view, as an individual user, of the big and little things that do not seem to work well in Plasma. After all, the desktop is there to allow people to enjoy themselves, to have fun, to be productive, and whatnot. And every little papercut or inconsistency is detrimental to the experience.

It would be a nice exercise to actually do the same thing with … other desktop environments. I believe that Plasma probably has the fewest issues, as odd as it may sound after you’ve just consumed this long j’accuse list. But it is still not perfect, it’s still not good enough to everyday use, and there are many things that need to be improved. Then again, no one said creating a splendid desktop environment was going to be easy or boring, right. Take care, and perhaps in your comments, you will come up with a few more niggles that I missed. Let’s hear your thoughts. Spill them out.

Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations.

The tool allowed the researchers to synthesize a software-attack based on a description of a CPU's microarchitecture and an execution pattern that could be attacked.

Social media is widely used by individuals and enterprises today and is often also unfortunately widely used by cyber-attackers. How can organizations protect their social media assets? That's a challenge that multiple vendors are now tackling, including ZeroFox.

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

today's leftovers

MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.
SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.
The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.